New Virus out. For Your Information only.
JennyC
----- Original Message -----
From: "Oxygen3 24h-365d" <oxygen(a)PANDASOFTWARE.COM>
To: <OXYGEN3COM(a)OXYGEN3.PANDASOFTWARE.COM>
Sent: Friday, December 21, 2001 3:47 AM
Subject: Oxygen3 24h-365d [Weekly Virus Report - 12/23/01]
"A man's character is his fate".
Heraclitus(540 BC - 480 BC); Greek philosopher.
- Weekly Virus Report -
Oxygen3 24h-365d, by Panda Software (
http://www.pandasoftware.com)
Madrid, 23 December, 2001 - Today, the Oxygen3 24h-365d report deals with
two mass-mailing worms: JS/Coolsites.A@mm and W32/Reeezak.A@mm.
JS/Coolsites.A@mm is a worm written in Java Script, that exploits a
security
hole found in Microsoft VM affecting several versions of MS Internet
Explorer (4.x and 5.x SP1). The worm, which uses e-mail to propagate, is
not
included in any attachments, but tricks the user into visiting a
pornographic website, which will trigger the viral code. Next, the
malicious message is sent out to every recipient found in MS Outlook's
'Sent
Items' tray. Once this is complete, the worm deletes all the
messages in
that tray in order to conceal its actions.
W32/Reeezak.A@mm is a worm written in Visual Basic and designed to spread
via e-mail in a file called CHRISTMAS.EXE. This file has the typical
Macromedia Flash icon, which may fool people into running it.
Once it is run, the worm displays a Christmas greeting with the text "From
the heart. Happy New Year" and copies itself to the Windows directory
under
the name CHRISTMAS.EXE. Next, a process called sm56hlpr is created,
which
locks the user's keyboard. W32/Reeezak.A@mm also makes three entries in
the
Windows Registry with various aims: to run on each system startup, to
change
the Internet Explorer home page and to change the computer name to
"ZaCker".
Finally, in computers running under Windows NT, the worm creates a
series
of
processes and title bars with the name 'Christmas', until all
system
memory
is used up.
For further information about these and other viruses, visit Panda
Software's Virus Encyclopedia at the following address:
http://www.pandasoftware.com/library/
------------------------------------------------------------
To unsubscribe from Oxygen3 24h-365d:
Send a message to the following address:
oxygen3com-SIGNOFF-REQUEST(a)oxygen3.pandasoftware.com .
Or click on: mailto:oxygen3com-SIGNOFF-REQUEST@oxygen3.pandasoftware.com
and send
the message.
To contact with Panda Software, please visit:
http://www.pandasoftware.com/com/pandacorp/pandaworldwide.asp
------------------------------------------------------------
_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at
http://mail.yahoo.com